package com.gaocy.interceptor;

import com.alibaba.fastjson.JSON;
import com.gaocy.common.api.ApiResult;
import com.gaocy.utils.ServletUtils;
import com.gaocy.utils.SignUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author wanglulei
 * @create 2019-03-27 16:47
 * @desc 验签拦截器
 **/
@Slf4j
public class SignatureInInterceptor implements HandlerInterceptor {


    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        String contentType = request.getContentType();
        if (StringUtils.isNotBlank(contentType)) {
            if (contentType.contains("json")) {
                log.info("json请求免签名");
                return true;
            }
            if (contentType.contains("multipart")) {
                log.info("文件上传请求免签名");
                return true;
            }
        }
        //获取验签
        String signature = request.getParameter("sign");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        if (StringUtils.isBlank(signature)) {
            log.info("签名字段为空");
            ServletUtils.renderString(response, JSON.toJSONString(ApiResult.failRequest("签名字段为空")));
            return false;
        }
        log.info("签名:{}",signature);


//        String secret =request.getParameter("secret");
//        if (StringUtils.isBlank(secret)){
//            log.info("secret不能为空...........");
//            ServletUtils.renderString(response, JSON.toJSONString(ApiResult.failRequest("secret不能为空")));
//            return false;
//        }

        String timestamp = request.getParameter("timestamp");
        if (StringUtils.isBlank(timestamp)){
            log.info("timestamp不能为空...........");
            ServletUtils.renderString(response, JSON.toJSONString(ApiResult.failRequest("timestamp不能为空")));
            return false;
        }

        /** 5、 防止过期时间的提交
         * 从前端传递的timestamp 与服务器端当前系统时间之差大于120s，则此次请求的timestamp无效
         *  留出短时间考虑网络问题提交速度慢，若时间过长中间时间足以挟持篡改参数，所以折中考虑了120秒
         */
       Long time = System.currentTimeMillis();
        if (Math.abs(Long.valueOf(timestamp)-time)>120000) {
            log.info("timestamp失效...........");
            ServletUtils.renderString(response, JSON.toJSONString(ApiResult.failRequest("timestamp失效")));
            return false;
        }



        //校验
        Boolean right = SignUtil.checkSign(request);
        if (right) {
            return true;
        }
        log.debug("sign签名校验失败...........");
        ServletUtils.renderString(response, JSON.toJSONString(ApiResult.failRequest("sign签名校验失败")));
        return false;
    }


    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        // 在处理过程中，执行拦截
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        // 执行完毕，返回前拦截
    }
}
